How is CVE-2026-12214 exploited?

Network reachability (not-required): The attacker needs an existing shell or process on the host; the vulnerable code path is reachable only through local execution, not over the network. Authentication (required): Any low-privilege local account is sufficient to reach the vulnerable function; no administrative rights are needed. Victim interaction (not-required): No user interaction of any kind is required to trigger the vulnerability. Attack complexity (info): The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or other environmental factors are required.

What is the impact of CVE-2026-12214?

A successful attacker reads confidential data from the affected process, including any in-memory secrets or credentials it holds. A successful attacker writes to or modifies data within the affected process, potentially altering security enforcement decisions made by the Nucleus Engine. A successful attacker can crash the Nucleus Engine Monitoring Logic process, disabling the protection and monitoring functions it provides.

Back to search

HIGHCVE-2026-12214Published 2026-06-15Modified 2026-06-15CNA VulDB

CVE-2026-12214: Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

A protection mechanism failure vulnerability exists in the Nucleus Engine Monitoring Logic component of Qihoo 360 Total Security 6.0, specifically in the RpcStringBindingComposeW function. An attacker who already has a low-privilege local account can manipulate the NetworkAddr argument to bypass the intended protection mechanism, without needing any victim interaction or elevated rights. Successful exploitation gives the attacker full read, write, and crash capability over the affected process. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection of CVE-2026-12214 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Qihoo 360 Total Security 6.0.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 8.5 (HIGH) and applying per-environment compliance policy weighting to determine urgency, then routing the alert to the appropriate team inbox within each customer organization.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Qihoo releases a remediated version. Until then, the finding remains open in each affected customer environment with advisory-monitoring status visible in the dashboard.

Pending upstream

Exploit Conditions

Network reachabilityNot required
The attacker needs an existing shell or process on the host; the vulnerable code path is reachable only through local execution, not over the network.
AuthenticationRequired
Any low-privilege local account is sufficient to reach the vulnerable function; no administrative rights are needed.
Victim interactionNot required
No user interaction of any kind is required to trigger the vulnerability.
Attack complexityDetail
The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or other environmental factors are required.

Blast Radius

A successful attacker reads confidential data from the affected process, including any in-memory secrets or credentials it holds.
A successful attacker writes to or modifies data within the affected process, potentially altering security enforcement decisions made by the Nucleus Engine.
A successful attacker can crash the Nucleus Engine Monitoring Logic process, disabling the protection and monitoring functions it provides.

How HarborGuard Handles This

Available on HarborGuard: since no upstream fix for CVE-2026-12214 exists as of the publication date, HarborGuard continuously re-checks the advisory on every ingest cycle and will generate a patched-image rebuild and open a PR against affected workloads automatically once Qihoo publishes a remediated release. In the interim, customers can apply compensating controls through HarborGuard policy: network-policy isolation can restrict lateral movement from a compromised low-privilege account, and workloads that include 360 Total Security 6.0 can be flagged for mandatory review before promotion to production. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR will be initiated within minutes of upstream patch availability. The public exploit code noted in the advisory raises the practical risk of this vulnerability, so prompt review of any images containing the affected component is advisable.

See how HarborGuard automates this

Affected packages

Qihoo / 360 Total Security
6.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

Metrics

Get notified